Netgate Discussion Forum

    FTP Client Proxy Package

      luckman212 LAYER 8

      jimp-

      Just wanted to thank you wholeheartedly for this package. I know FTP is 'discouraged' but sadly we can't always force these decisions on users when legacy systems are in place and working. This package has saved us a lot of headache.

      bravo sir

        h.kling

        Dear Jimp,

        thank you VERY MUCH for this great package!

        Is it possible to modify package and GUI to realize an explicit proxy environment?

        Best wishes

          tmc

          Have an issue with 2 in-series PFSense boxes… the 2nd one is on a LAN (Opt1 on PFSense #1 / all traffic in-and-out for that LAN on WAN Virtual IP and NAT'd through to 2nd pfSense) and needs to get out to WAN for Active FTP Session.  If I set the 2nd pfSense FTP Client Proxy to WAN external address it won't connect at all, but if I set it to default (WAN - which is actually LAN going to Opt1 in first pfSense), it connects but will not open data port.

          Hope this makes sense - any ideas?

            jimp Rebel Alliance Developer Netgate

            @klingone:

            Is it possible to modify package and GUI to realize an explicit proxy environment?

            Not that I'm aware of. If you need an explicit proxy, I believe that squid can handle that.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

              jimp Rebel Alliance Developer Netgate

              @tmc:

              Have an issue with 2 in-series PFSense boxes… the 2nd one is on a LAN (Opt1 on PFSense #1 / all traffic in-and-out for that LAN on WAN Virtual IP and NAT'd through to 2nd pfSense) and needs to get out to WAN for Active FTP Session.  If I set the 2nd pfSense FTP Client Proxy to WAN external address it won't connect at all, but if I set it to default (WAN - which is actually LAN going to Opt1 in first pfSense), it connects but will not open data port.

              I use it here with multiple boxes in series and it's OK but I don't use VIPs or send it out an alternate WAN (just the default WAN at my edge, not my second WAN).

              When using load balancing or multi-wan, the FTP traffic (including high data ports) would have to exit the default WAN or the proxy won't work correctly.

                rougement

                I've been banging my head against a brick wall trying to get an old FTP client to work properly. Thank you so much for your work, I appreciate it.

                  stavros

                  Hi, I need some help configuring the FTP Client Proxy Package in order to give FTP access on my network. I have 2 WANs (WAN1 & WAN2) and one LAN interface.

                  Local Interface: I select only LAN ?
                  Anonymous Only: Not checked
                  Source Address: I put one of the two public WAN ip address?
                  Proxy Bypass Source: None
                  Proxy Bypass Dest: None
                  Bind Port: None
                  Maximum Sessions (Default: 100): None
                  Traffic Shaping Queue: None
                  Rewrite Source to Port 20 : Not checked
                  Idle Timeout (Default: 86400) : None
                  Log Connections : Not Checked

                  Do I need any other configuration? I use FileZilla FTP server.

                  Sorry, but my knowledge is very basic on this stuff.

                    doktornotor Banned

                    @stavros:

                    Do I need any other configuration? I use FileZilla FTP server.

                    This package is for FTP clients using active mode behind pfSense.

                    https://doc.pfsense.org/index.php/FTP_without_a_Proxy

                      svenruben

                      Many thanks for building this package, install, enable, assign client interfaces ALL DONE. You saved my day! Thanks a lot. sven

                        dlawley

                        Is this supposed to add the rules needed to make it work? Or do I need to do the config manually as listed here?

                        http://www.freebsd.org/cgi/man.cgi?query=ftp-proxy&sektion=8

                        I ask as it appears that none are added…

                        using 2.2.4-RELEASE (amd64) FTP Client Proxy 0.2.1

                          jimp Rebel Alliance Developer Netgate

                          There is no need to add anything manually. Install the package and pick the settings. If you have a problem, please start a new thread for assistance.

                            jkramp

                            Why oh why doesn't pfSense bundle with this plug-in? I have been troubleshooting at the other end and then it was pfSense the entire time.

                            Thanks a bunch for this jimp - it's working absolutely perfectly and finally my Check Point has stopped yelling "Unable to Parse FTP PORT/227 command - header IP different from command IP".

                              akong

                              I have installed FTP Client Proxy Package 0.3 Beta and set it up on LAN. But FileZilla can't connect. The FileZilla message is as follows:

                              Status: Resolving address of ftp.aspa.idv.tw
                              Status: Connecting to 219.85.218.78:21…
                              Status: Connection established, waiting for welcome message...
                              Status: Insecure server, it does not support FTP over TLS.
                              Status: Connected
                              Status: Retrieving directory listing...
                              Status: Server sent passive reply with unroutable address. Using server address instead.

                              In the older version I could use it. How to fix it? My FTP server uses passive mode.

                                jimp Rebel Alliance Developer Netgate

                                Please start a new separate thread for problems/troubleshooting.

                                  evan_

                                  Thanks much for this package!  Just moved to pfSense w/ company in the trucking industry.  Of course, daily fuel pricing is FTP as well as daily fuel transactions.  Made my life easy.  Gold bought!

                                    cysiacom

                                    Thanks for this package.

                                    We're dealing with a very old application at a customer that gets data updates via FTP (active).

                                    Our new pfSense blocked this app so we gave this package a try. That was a problem as our customer didn't have any problem with the old router. We could not change anything on that application and the maintainer refused to change the FTP client config, saying it was working properly. We insisted on several more secure solutions, SFTP, SCP and so on, but nothing.

                                    Installed the package, solved the problem.

                                    So we just want to say thanks.
                                    You saved our day yesterday.

                                      mislav

                                      Firstly, thanks for the package and great work.

                                      Second, I've noticed some strange behaviour.

                                      I have firewall rules defined for Server X, e.g.: incoming to ports 80/443/etc and there's no firewall rule for port 21 -> it's blocked. On Server X ftp client exists and with ftp client proxy package enabled I can connect to the same even though there is no such thing defined in firewall itself (GUI).

                                      I've tried disabling option "Check this box to move the automatically added FTP rules higher in the ruleset to bypass explicit blocks. Helps allow passive FTP to arbitrary destinations, but FTP will always be allowed outbound when checked." and putting block rule on top of all rules for connections to Server on port 21 -> this traffic passes by. When I disable FTP proxy client traffic is blocked and everything is working as expected.

                                      Thoughts?

                                        simonreal

                                        Hello,

                                        I installed FTP Proxy PFsense Packages, but I didn't find a manual that explains the various settings.

                                        I need the FTP Proxy because I have an infrastructure with pfSense 2.1.5, and I have many FTP servers with NAT 1:1 behind it.

                                        I would like to upgrade the pfSense version to the latest one, 2.2.6, but I saw that without FTP proxy, I'm not able to reach the FTP servers.

                                        At the moment I'm using a virtual environment to test the FTP proxy package, but I'm still not able to make an FTP connection to my FTP Test Server.

                                        Does someone know how to set up the FTP Proxy package when you have an FTP server behind a 1:1 NAT?

                                        Thanks.

                                          simonreal

                                          Just to add some information.

                                          If I try to use ftp via Command Prompt, the ftp seems to work.

                                          I'm able to open the connection with username and password.

                                          ftp <ip-address> and get and put files.

                                          Here the logs of FTP FileZilla Server
                                          <<
                                          000005)18/01/2016 11.52.30 - (not logged in) (192.168.1.36)> Connected, sending welcome message…
                                          (000005)18/01/2016 11.52.30 - (not logged in) (192.168.1.36)> 220 FileZilla Server version 0.9.42 beta written by Tim Kosse (Tim.Kosse@gmx.de) Please visit http://sourceforge.
                                          (000005)18/01/2016 11.52.36 - (not logged in) (192.168.1.36)> USER ftptest
                                          (000005)18/01/2016 11.52.36 - (not logged in) (192.168.1.36)> 331 Password required for ftptest
                                          (000005)18/01/2016 11.52.39 - (not logged in) (192.168.1.36)> PASS *********
                                          (000005)18/01/2016 11.52.39 - ftptest (192.168.1.36)> 230 Logged on
                                          (000005)18/01/2016 11.52.47 - ftptest (192.168.1.36)> PORT 192,168,1,36,207,4
                                          (000005)18/01/2016 11.52.47 - ftptest (192.168.1.36)> 200 Port command successful
                                          (000005)18/01/2016 11.52.47 - ftptest (192.168.1.36)> RETR 20160118.txt
                                          (000005)18/01/2016 11.52.47 - ftptest (192.168.1.36)> 550 File not found
                                          (000005)18/01/2016 11.52.52 - ftptest (192.168.1.36)> PORT 192,168,1,36,207,5
                                          (000005)18/01/2016 11.52.52 - ftptest (192.168.1.36)> 200 Port command successful
                                          (000005)18/01/2016 11.52.52 - ftptest (192.168.1.36)> NLST
                                          (000005)18/01/2016 11.52.52 - ftptest (192.168.1.36)> 150 Opening data channel for directory list.
                                          (000005)18/01/2016 11.52.52 - ftptest (192.168.1.36)> 226 Sucessfully transferred ""
                                          (000005)18/01/2016 11.53.59 - ftptest (192.168.1.36)> CWD 20160107
                                          (000005)18/01/2016 11.53.59 - ftptest (192.168.1.36)> 250 CWD successful. "/20160107" is current directory.
                                          (000005)18/01/2016 11.54.01 - ftptest (192.168.1.36)> PORT 192,168,1,36,207,18
                                          (000005)18/01/2016 11.54.01 - ftptest (192.168.1.36)> 200 Port command successful
                                          (000005)18/01/2016 11.54.01 - ftptest (192.168.1.36)> NLST
                                          (000005)18/01/2016 11.54.01 - ftptest (192.168.1.36)> 150 Opening data channel for directory list.
                                          (000005)18/01/2016 11.54.01 - ftptest (192.168.1.36)> 226 Sucessfully transferred ""
                                          (000005)18/01/2016 11.55.30 - ftptest (192.168.1.36)> PORT 192,168,1,36,207,35
                                          (000005)18/01/2016 11.55.30 - ftptest (192.168.1.36)> 200 Port command successful
                                          (000005)18/01/2016 11.55.30 - ftptest (192.168.1.36)> STOR 20160118.txt
                                          (000005)18/01/2016 11.55.30 - ftptest (192.168.1.36)> 150 Opening data channel for file upload to server of "/20160107/20160118.txt"
                                          (000005)18/01/2016 11.55.31 - ftptest (192.168.1.36)> 226 Sucessfully transferred ""

                                          Why am I not able to complete those operations with FileZilla Client?

                                          The server log says
                                          <<
                                          (000007)18/01/2016 12.00.40 - (not logged in) (192.168.1.36)> Connected, sending welcome message...
                                          (000007)18/01/2016 12.00.40 - (not logged in) (192.168.1.36)> 220 FileZilla Server version 0.9.42 beta written by Tim Kosse (Tim.Kosse@gmx.de) Please visit http://sourceforge.
                                          (000007)18/01/2016 12.00.40 - (not logged in) (192.168.1.36)> USER ftptest
                                          (000007)18/01/2016 12.00.40 - (not logged in) (192.168.1.36)> 331 Password required for ftptest
                                          (000007)18/01/2016 12.00.40 - (not logged in) (192.168.1.36)> PASS *********
                                          (000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> 230 Logged on
                                          (000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> PWD
                                          (000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> 257 "/" is current directory.
                                          (000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> TYPE I
                                          (000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> 200 Type set to I
                                          (000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> PASV
                                          (000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> 227 Entering Passive Mode (192,168,226,28,4,119)
                                          (000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> MLSD
                                          (000007)18/01/2016 12.00.50 - ftptest (192.168.1.36)> 425 Can't open data connection for transfer of ""


                                            jimp Rebel Alliance Developer Netgate

                                            The FTP Client Proxy Package does nothing for local servers.

                                            Active mode FTP (which is the method the windows command prompt FTP uses) needs no proxy.

                                            Passive mode FTP (which Filezilla defaults to) also doesn't need a proxy, provided the server is properly configured. Start a new thread and ask for help configuring a local FTP server for passive FTP and someone can assist you in crafting the rules and using the proper configuration for your FTP server to support it.

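An added example, not code from the thread or from the FTP Client Proxy package: a Python sketch that decodes the PORT and 227 arguments in the FileZilla Server log lines posted above and flags the data-channel endpoints a NAT would break. The function names and the two "suspect" heuristics (PORT address differs from the logged peer; 227 reply advertises a private address) are assumptions of this example.

```python
import ipaddress
import re

# Lines copied from the FileZilla Server logs posted in this thread.
SAMPLE_LOG = """\
(000005)18/01/2016 11.52.47 - ftptest (192.168.1.36)> PORT 192,168,1,36,207,4
(000005)18/01/2016 11.52.47 - ftptest (192.168.1.36)> 200 Port command successful
(000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> PASV
(000007)18/01/2016 12.00.40 - ftptest (192.168.1.36)> 227 Entering Passive Mode (192,168,226,28,4,119)
"""

# "(session)date time - user (peer-ip)> message"
LINE = re.compile(r"^\((\d+)\).*?\((\d+\.\d+\.\d+\.\d+)\)> (.*)$")
# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 argument, or None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The port is sent as two bytes: high byte first, then low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel_findings(log_text):
    """List each PORT / 227 line with its decoded endpoint and a flag."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        session, peer, msg = m.groups()
        if msg.startswith("PORT "):
            mode = "active"
        elif msg.startswith("227 "):
            mode = "passive"
        else:
            continue
        decoded = decode_hostport(msg)
        if decoded is None:
            continue
        ip, port = decoded
        if mode == "active":
            # Client-advertised address should equal the peer the server sees.
            suspect = ip != peer
        else:
            # Server-advertised address: a private one cannot be reached by a
            # client that sits on the other side of NAT.
            suspect = ipaddress.ip_address(ip).is_private
        findings.append({"session": session, "mode": mode, "peer": peer,
                         "advertised": f"{ip}:{port}", "suspect": suspect})
    return findings


if __name__ == "__main__":
    for finding in data_channel_findings(SAMPLE_LOG):
        print(finding)
```

On the thread's logs the active-mode PORT line decodes to the same address as the logged peer, while the passive reply advertises 192.168.226.28, the server's internal address, just before the 425 error.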
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.